IRS hires Equifax despite massive data breach

By Alain Sherter

October 3, 2017 / 5:46 PM
/ MoneyWatch

Equifax CEO out

If millions of consumers are fretting that the Equifax data breach has potentially put everything from their Social Security numbers to credit card data into criminal hands, one party seems noticeably less concerned: the U.S. government.

The IRS last week hired the credit reporting company to provide fraud prevention and taxpayer identification services, Politico reports, citing a government database that lists federal contracts.

A spokeswoman for Equifax did not immediately respond to a request for comment.

Former Equifax CEO Richard E. Smith, who stepped down following news of the breach, appeared before a House panel on Tuesday and apologized for the intrusion, which the company failed to detect for months.

"As CEO I was ultimately responsible for what happened on my watch," he told lawmakers. "To each and every person affected by this breach, I am deeply, deeply sorry that this occurred." Under questioning, Smith admitted that the hacked customer data wasn't encrypted, a practice that's not illegal though not exactly safe, either.

Smith is scheduled to appear on Wednesday before the Senate Banking Committee, followed by the House Financial Services Committee on Thursday.

Equifax is under investigation by the Department of Justice, Federal Trade Commission, Securities and Exchange Commission and Consumer Federal Protection Bureau, as well as by more than 40 state attorneys general.

Cybersecurity experts on Equifax's failure to install software fix

As Smith sought to explain the cyberattack on Capitol Hill, security experts said companies like Equifax that collect large volumes of consumer data must do more to secure the info.

"At the end of the day, companies have to be more vigilant about patching their software," said Dimitri Sirota, CEO of security software maker BigID. "There's basic housekeeping: Don't put all your data in one place. You don't put all your diamond rings at the house at the front door. For companies that collect a lot of data, you have to be careful about how you maintain that data."